Topic Privacy & Incident Response
When privacy laws collide with a real incident.
State privacy laws, breach notification timelines, and incident response playbooks — for the team that has to decide what to disclose, to whom, and by when. Aligned with NIST SP 800-61, state breach laws, and federal incident reporting.
◆ CCPA · CPRA · state privacy laws · NIST SP 800-61 · federal breach rules
◆ What you'll find here
Privacy and incident response, treated as one program.
◆ 01
State privacy laws
CCPA, CPRA, Colorado, Connecticut, Texas, and every state law that follows the same pattern. The obligations, the timelines, and what your privacy program actually has to do.
◆ 02
Breach notification
All 50 state breach laws plus federal sector rules (HIPAA, GLBA, SEC cyber, banking incident reporting). Decision trees, notification templates, and the timelines that actually trigger reporting.
◆ 03
IR playbooks
Ransomware, BEC, third-party breach, insider, lost device — the eight playbook patterns that cover most real incidents. Built on NIST SP 800-61 and what actually happens in the room.
◆ Privacy & incident response templates
Tools for privacy + IR teams.
Decision trees, notification templates, IR runbooks, and the evidence you need to show regulators and bank partners.
Data Privacy Compliance Kit
Multi-state privacy compliance templates covering 19 state laws plus GLBA and CCPA.
Incident Response & Breach Notification Kit
Step-by-step incident response playbooks and breach notification templates for all 50 states.
28+ Privacy & IR articles
50 State breach laws covered
US coverage: CCPA · CPRA · NIST SP 800-61 · sector rules
◆ Latest analysis
From the journal.
Incident Response
FFIEC 36-Hour Incident Notification Rule: What Banking Organizations Must Report, When, and to Whom
A practitioner's guide to the federal banking agencies' computer-security incident notification rule — what triggers the 36-hour clock, the two-tier framework for banks vs. bank service providers, and the gray areas that catch incident response teams off guard.
Data Privacy
GLBA Regulation P Privacy Notices: What Financial Institutions Must Send, When, and the FAST Act Exception Explained
A practitioner's guide to GLBA Regulation P: who must send privacy notices, what the initial and annual notice must include, when the FAST Act exception eliminates the annual requirement, and how opt-out rights actually work.
Incident Response
NYDFS Hits Delta Dental With $2.25M — The First 2026 Cyber Action Is About Notice and Retention, Not the Breach
NYDFS's first 2026 cybersecurity enforcement penalizes Delta Dental for a six-month notification delay and lengthened MOVEit retention settings — not for getting hit. What practitioners should pull from the consent order.
Data Privacy
Privacy Impact Assessment Template: How to Run a DPIA or PIA That Satisfies GDPR, CPRA, and 20+ US State Privacy Laws
A practitioner's guide to designing, conducting, and documenting privacy impact assessments — covering GDPR Article 35 DPIA requirements, California CPRA risk assessments (effective January 2026), and state law PIA triggers across 20+ US jurisdictions.
Data Privacy
HIPAA Security Rule Overhaul: The New Technical Safeguard Requirements Coming to Every Covered Entity and Business Associate
The biggest HIPAA Security Rule update since 2013 is arriving in 2026. Here's what the proposed final rule requires, what's actually changing, and how to run a gap assessment before the compliance deadline.
Data Privacy
DSAR Response Workflow: A Practitioner's Guide to Data Subject Access Requests Under CCPA, GDPR, and State Privacy Laws
DSARs aren't optional, and mishandling them now costs seven figures. Here's the complete workflow — intake, identity verification, data collection, legal review, and documented response — built for teams managing multi-law obligations.
◆ Immaterial Findings · Weekly
Sharp risk & compliance insights practitioners actually read.
Enforcement actions, regulatory shifts, and practical frameworks — no fluff, no filler.
◆ Practitioners from banks, fintechs, and asset managers · Delivered weekly